docker: switch from musl to glibc, and simplify stuff
The Dockerfile now has two stages: build and assembly. This allows for a full-fledged debian build container, while still resulting in a super-thin busybox image. License: MIT Signed-off-by: Lars Gierth <[email protected]>
Lars Gierth
committed
Sep 8, 2017
1 parent
f55a7a0
commit 944210c
Showing
4 changed files
with
94 additions
and
85 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
Dockerfile | ||
Dockerfile.faster | ||
.git/ | ||
!.git/HEAD | ||
!.git/refs/ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,46 @@ | ||
FROM alpine:edge | ||
FROM golang:1.9-stretch | ||
MAINTAINER Lars Gierth <[email protected]> | ||
|
||
# There is a copy of this Dockerfile called Dockerfile.fast, | ||
# which is optimized for build time, instead of image size. | ||
# | ||
# Please keep these two Dockerfiles in sync. | ||
|
||
ENV GX_IPFS "" | ||
ENV SRC_DIR /go/src/github.com/ipfs/go-ipfs | ||
|
||
COPY . $SRC_DIR | ||
|
||
# Build the thing. | ||
RUN cd $SRC_DIR \ | ||
# Required for getting the HEAD commit hash via git rev-parse. | ||
&& mkdir .git/objects \ | ||
# Allows using a custom (i.e. local) IPFS API endpoint. | ||
&& ([ -z "$GX_IPFS" ] || echo $GX_IPFS > /root/.ipfs/api) \ | ||
# Build the thing. | ||
&& make build | ||
|
||
# Get the TLS CA certificates, they're not provided by busybox. | ||
RUN apt-get install -y ca-certificates | ||
|
||
# Now comes the actual target image, which aims to be as small as possible. | ||
FROM busybox:1-glibc | ||
MAINTAINER Lars Gierth <[email protected]> | ||
|
||
# Get the ipfs binary, entrypoint script, and TLS CAs from the build container. | ||
ENV SRC_DIR /go/src/github.com/ipfs/go-ipfs | ||
COPY --from=0 $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs | ||
COPY --from=0 $SRC_DIR/bin/container_daemon /usr/local/bin/start_ipfs | ||
COPY --from=0 /etc/ssl/certs /etc/ssl/certs | ||
|
||
# This shared lib (part of glibc) doesn't seem to be included with busybox. | ||
COPY --from=0 /lib/x86_64-linux-gnu/libdl-2.24.so /lib/libdl.so.2 | ||
|
||
# This installs a very simple program acting as the init process. | ||
# Makes sure signals are properly passed to the ipfs daemon process. | ||
ENV TINI_VERSION v0.16.1 | ||
ADD https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini /sbin/tini | ||
RUN chmod +x /sbin/tini | ||
|
||
# Ports for Swarm TCP, Swarm uTP, API, Gateway, Swarm Websockets | ||
EXPOSE 4001 | ||
|
@@ -14,51 +49,18 @@ EXPOSE 5001 | |
EXPOSE 8080 | ||
EXPOSE 8081 | ||
|
||
# IPFS API to use for fetching gx packages. | ||
# This can be a gateway too, since its read-only API provides all gx needs. | ||
# - e.g. /ip4/172.17.0.1/tcp/8080 if the Docker host | ||
# has the IPFS gateway listening on the bridge interface | ||
# provided by Docker's default networking. | ||
# - if empty, the public gateway at ipfs.io is used. | ||
ENV GX_IPFS "" | ||
# The IPFS fs-repo within the container | ||
# Create the fs-repo directory and switch to a non-privileged user. | ||
ENV IPFS_PATH /data/ipfs | ||
# The default logging level | ||
ENV IPFS_LOGGING "" | ||
# Golang stuff | ||
ENV GOPATH /go | ||
ENV PATH /go/bin:$PATH | ||
ENV SRC_PATH /go/src/github.com/ipfs/go-ipfs | ||
RUN mkdir -p $IPFS_PATH && adduser -D -h $IPFS_PATH -u 1000 -g 100 ipfs | ||
USER ipfs | ||
|
||
# Expose the fs-repo as a volume. | ||
# start_ipfs initializes an fs-repo if none is mounted | ||
# start_ipfs initializes an fs-repo if none is mounted. | ||
# Important this happens after the USER directive so permission are correct. | ||
VOLUME $IPFS_PATH | ||
|
||
# Get the go-ipfs sourcecode | ||
COPY . $SRC_PATH | ||
|
||
RUN apk add --no-cache --virtual .build-deps-ipfs musl-dev gcc go git \ | ||
&& apk add --no-cache tini su-exec bash wget ca-certificates \ | ||
# Setup user | ||
&& adduser -D -h $IPFS_PATH -u 1000 ipfs \ | ||
# Install gx | ||
&& go get -u github.com/whyrusleeping/gx \ | ||
&& go get -u github.com/whyrusleeping/gx-go \ | ||
# Point gx to a specific IPFS API | ||
&& ([ -z "$GX_IPFS" ] || echo $GX_IPFS > $IPFS_PATH/api) \ | ||
# Invoke gx | ||
&& cd $SRC_PATH \ | ||
&& gx --verbose install --global \ | ||
&& mkdir .git/objects && commit=$(git rev-parse --short HEAD) \ | ||
&& echo "ldflags=-X github.com/ipfs/go-ipfs/repo/config.CurrentCommit=$commit" \ | ||
# Build and install IPFS and entrypoint script | ||
&& cd $SRC_PATH/cmd/ipfs \ | ||
&& go build -ldflags "-X github.com/ipfs/go-ipfs/repo/config.CurrentCommit=$commit" \ | ||
&& cp ipfs /usr/local/bin/ipfs \ | ||
&& cp $SRC_PATH/bin/container_daemon /usr/local/bin/start_ipfs \ | ||
&& chmod 755 /usr/local/bin/start_ipfs \ | ||
# Remove all build-time dependencies | ||
&& apk del --purge .build-deps-ipfs && rm -rf $GOPATH && rm -vf $IPFS_PATH/api | ||
# The default logging level | ||
ENV IPFS_LOGGING "" | ||
|
||
# This just makes sure that: | ||
# 1. There's an fs-repo, and initializes one if there isn't. | ||
|
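Review bot: The `ADD` of the tini release binary to `/sbin/tini` in the busybox stage fetches an executable over the network with no checksum or signature check, and per the comment above it this binary acts as the container's init process. `TINI_VERSION` names a release, but a release asset can be replaced upstream, so the tag alone does not pin what ends up in the image; the same step is repeated in the single-stage Dockerfile further down the page. Because the busybox stage has no verification tooling, I would fetch and verify in the build stage (assuming curl is available in the golang image), e.g. `RUN curl -fsSL -o /tmp/tini "<tini release URL>" && echo "<TINI_SHA256>  /tmp/tini" | sha256sum -c - && chmod +x /tmp/tini`, then use `COPY --from=0 /tmp/tini /sbin/tini` in the final stage, which also removes the separate `RUN chmod` layer. `<TINI_SHA256>` is a placeholder for the digest recorded from a trusted copy of that release.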
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,55 +1,69 @@ | ||
FROM alpine:edge | ||
FROM golang:1.9-stretch | ||
MAINTAINER Lars Gierth <[email protected]> | ||
|
||
# This is a copy of /Dockerfile, | ||
# except that we optimize for build time, instead of image size. | ||
# | ||
# Please keep these two Dockerfiles in sync. | ||
|
||
ENV GX_IPFS "" | ||
ENV SRC_DIR /go/src/github.com/ipfs/go-ipfs | ||
|
||
COPY ./package.json $SRC_DIR/package.json | ||
|
||
RUN set -x \ | ||
&& go get github.com/whyrusleeping/gx \ | ||
&& go get github.com/whyrusleeping/gx-go \ | ||
# Allows using a custom (i.e. local) IPFS API endpoint. | ||
&& ([ -z "$GX_IPFS" ] || echo $GX_IPFS > /root/.ipfs/api) \ | ||
# Fetch the dependencies so we don't have to do it everytime. | ||
&& cd $SRC_DIR \ | ||
&& gx install | ||
|
||
COPY . $SRC_DIR | ||
|
||
# Build the thing. | ||
RUN set -x \ | ||
&& cd $SRC_DIR \ | ||
# Required for getting the HEAD commit hash via git rev-parse. | ||
&& mkdir .git/objects \ | ||
# Build the thing. | ||
&& make build \ | ||
&& mv cmd/ipfs/ipfs /usr/local/bin/ipfs \ | ||
&& mv bin/container_daemon /usr/local/bin/start_ipfs | ||
|
||
# This installs a very simple program acting as the init process. | ||
# Makes sure signals are properly passed to the ipfs daemon process. | ||
ENV TINI_VERSION v0.16.1 | ||
ADD https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini /sbin/tini | ||
RUN chmod +x /sbin/tini | ||
|
||
# Ports for Swarm TCP, Swarm uTP, API, Gateway, Swarm Websockets | ||
EXPOSE 4001 | ||
EXPOSE 4002/udp | ||
EXPOSE 5001 | ||
EXPOSE 8080 | ||
EXPOSE 8081 | ||
|
||
ENV GX_IPFS "" | ||
# Create the fs-repo directory and switch to a non-privileged user. | ||
ENV IPFS_PATH /data/ipfs | ||
ENV IPFS_LOGGING "" | ||
ENV GOPATH /go | ||
ENV PATH /go/bin:$PATH | ||
ENV SRC_PATH /go/src/github.com/ipfs/go-ipfs | ||
RUN mkdir -p $IPFS_PATH \ | ||
&& useradd -s /usr/sbin/nologin -d $IPFS_PATH -u 1000 -g 100 ipfs \ | ||
&& chown 1000:100 $IPFS_PATH | ||
USER ipfs | ||
|
||
# Expose the fs-repo as a volume. | ||
# start_ipfs initializes an fs-repo if none is mounted. | ||
# Important this happens after the USER directive so permission are correct. | ||
VOLUME $IPFS_PATH | ||
|
||
# This is an optimization which avoids rebuilding | ||
# of the gx dependencies every time anything changes. | ||
# gx will only be invoked if the dependencies have changed. | ||
# | ||
# Put differently: if package.json has changed, | ||
# the image-id after this COPY command will change, | ||
# and trigger a re-run of all following commands. | ||
COPY ./package.json $SRC_PATH/package.json | ||
|
||
RUN apk add --no-cache --virtual .build-deps-ipfs musl-dev gcc go git \ | ||
&& apk add --no-cache tini su-exec bash wget ca-certificates \ | ||
&& adduser -D -h $IPFS_PATH -u 1000 ipfs \ | ||
&& go get -u github.com/whyrusleeping/gx \ | ||
&& go get -u github.com/whyrusleeping/gx-go \ | ||
&& ([ -z "$GX_IPFS" ] || echo $GX_IPFS > $IPFS_PATH/api) \ | ||
&& cd $SRC_PATH \ | ||
&& gx --verbose install --global | ||
|
||
COPY . $SRC_PATH | ||
|
||
RUN cd $SRC_PATH \ | ||
&& mkdir .git/objects && commit=$(git rev-parse --short HEAD) \ | ||
&& echo "ldflags=-X github.com/ipfs/go-ipfs/repo/config.CurrentCommit=$commit" \ | ||
&& cd $SRC_PATH/cmd/ipfs \ | ||
&& go build -ldflags "-X github.com/ipfs/go-ipfs/repo/config.CurrentCommit=$commit" \ | ||
&& cp ipfs /usr/local/bin/ipfs \ | ||
&& cp $SRC_PATH/bin/container_daemon /usr/local/bin/start_ipfs \ | ||
&& chmod 755 /usr/local/bin/start_ipfs \ | ||
&& apk del --purge .build-deps-ipfs && rm -rf $GOPATH && rm -vf $IPFS_PATH/api | ||
# The default logging level | ||
ENV IPFS_LOGGING "" | ||
|
||
# This just makes sure that: | ||
# 1. There's an fs-repo, and initializes one if there isn't. | ||
# 2. The API and Gateway are accessible from outside the container. | ||
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/start_ipfs"] | ||
|
||
# Execute the daemon subcommand by default | ||
CMD ["daemon", "--migrate=true"] |
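Review bot: The first `RUN` step installs gx and gx-go with a bare `go get`, which builds whatever is at the tip of those repositories at build time, so the tools that fetch every dependency are unpinned and two builds of the same commit can produce different images. This assumes the `set -x` / `go get` lines are the new side of the section, since the +/- markers are not visible on this page. I would pin each tool to a reviewed revision, e.g. `go get -d <gx import path> && git -C "$GOPATH/src/<gx import path>" checkout <GX_COMMIT> && go install <gx import path>`, with `<GX_COMMIT>` a placeholder for the commit the project has vetted, and do the same for gx-go. A short comment next to the pin saying when and why that revision was chosen would help whoever bumps it later.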